path: root/app/models/ability.rb
Commit message (Author, Age, Files, Lines)
* Fix project snippets button appearing when it is disabled (Stan Hu, 2015-05-27, 1 file, -1/+1)
      Closes #1705
* Refactor permission checks to use `can?` instead of `issues_enabled` and `merge_requests_enabled` (Stan Hu, 2015-05-25, 1 file, -0/+5)
* Disable "New Issue" and "New Merge Request" buttons when features are disabled in project settings (Stan Hu, 2015-05-25, 1 file, -0/+27)
      Closes #1676
* Rename manage_group ability to admin_group for consistency with project. (Douwe Maan, 2015-04-14, 1 file, -6/+6)
|
* Merge branch 'fix-restricted-visibility' into 'master' (Dmitriy Zaporozhets, 2015-03-16, 1 file, -2/+4)
|\
      Restricted visibility levels - bug fix and new feature

      This allows admin users to override restricted visibility settings when creating and updating projects and snippets, and moves the restricted visibility configuration from gitlab.yml to the web UI. See #1903.

      ## Move configuration location

      I added a new section to the application settings page for restricted visibility levels. Each level has a checkbox, styled with Bootstrap to look like a toggle button. A checked box means that the level is restricted. I added a glowing text shadow and changed the background color for checked buttons because the default styles made it hard to distinguish between checked and unchecked. This image shows the new section with the "Public" box checked:

      ![restricted_visibility_settings](https://dev.gitlab.org/Okada/gitlabhq/uploads/629562e4313f89b795e81c3bb0f95893/restricted_visibility_settings.png)

      ## Allow admins to override

      To allow admin users to override the restricted visibility levels, I had to remove the `visibility_level` validation from the `Project` class. The model doesn't know about the `current_user`, which should determine whether the restrictions can be overridden. We could use the creator in the validation, but that wouldn't work correctly for projects where a non-admin user is the creator and an admin tries to change the project to a restricted visibility level.

      The `Project::UpdateService` and `Project::CreateService` classes already had code to determine whether the current user is allowed to use a given visibility level; now all visibility level validation is done in those classes. Currently, when a non-admin tries to create or update a project using a restricted level, these classes silently set the visibility level to the global default (create) or the project's existing value (update). I changed this behavior to be more like an Active Model validation, where using a restricted level causes the entire request to be rejected.

      Project and personal snippets didn't have service classes, and restricted visibility levels weren't being enforced in the model or the controllers. The UI disabled radio buttons for restricted levels, but that wouldn't be difficult to circumvent. I created the `CreateSnippetService` and `UpdateSnippetService` classes to do the same restricted visibility check that the project classes do. And since I was dealing with snippet visibility levels, I updated the API endpoints for project snippets to allow users to set and update the visibility level.

      ## TODO

      * [x] Add more tests for restricted visibility functionality

      cc @sytse @dzaporozhets

      See merge request !1655
| * Update snippet authorization (Vinnie Okada, 2015-03-14, 1 file, -2/+4)
| |     Allow authors and admins to update the visibility level of personal and project snippets.
* | Use `project_member` instead of `team_member`. (Douwe Maan, 2015-03-15, 1 file, -3/+3)
| |
* | Use `group_member` instead of `users_group` or `membership`. (Douwe Maan, 2015-03-15, 1 file, -5/+5)
|/
* Append in place for strings and arrays (Ciro Santilli, 2015-01-01, 1 file, -13/+13)
|
* Factor abilities methods (Ciro Santilli, 2014-10-19, 1 file, -0/+8)
      in app controller, user model and services.
* Add parenthesis to function def with arguments. (Ciro Santilli, 2014-10-03, 1 file, -2/+2)
|
* Huge replace of old users_project and users_group references (Dmitriy Zaporozhets, 2014-09-14, 1 file, -1/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Improve labels (Dmitriy Zaporozhets, 2014-07-30, 1 file, -1/+1)
      * allow developers to manage labels
      * add ability to remove label
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add create/update to Labels controller (Dmitriy Zaporozhets, 2014-07-30, 1 file, -0/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Merge pull request #7131 from skv-headless/per_request_rules_caching (Dmitriy Zaporozhets, 2014-07-14, 1 file, -24/+26)
|\
      per request project rules caching
| * per request project rules caching (skv-headless, 2014-06-14, 1 file, -24/+26)
| |
* | Improve files/snippets action buttons (Dmitriy Zaporozhets, 2014-06-13, 1 file, -1/+5)
|/
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Refactor some search scopes to prevent weird behaviour and PG::Error issues (Dmitriy Zaporozhets, 2014-06-05, 1 file, -1/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Improve performance of application for large teams (Dmitriy Zaporozhets, 2014-06-04, 1 file, -4/+4)
      This commit fixes a lot of sql queries to db for groups and projects with big amount of members.
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add ability rule for creating project in namespace (Dmitriy Zaporozhets, 2014-05-28, 1 file, -0/+8)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Fixes a bug with group member administration (Matt DeTullio, 2014-03-10, 1 file, -0/+1)
      Group owners were not able to remove any users from their group if they were the only owner.
* Move services for collecting items to Finders (Dmitriy Zaporozhets, 2014-02-25, 1 file, -1/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Fix read_group ability (Dmitriy Zaporozhets, 2014-02-25, 1 file, -1/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Implement project collection service (Dmitriy Zaporozhets, 2014-02-25, 1 file, -2/+2)
      Main purpose is move big amount of methods from user, group, project models and place filtering logic in one place.
      It also fixes 500 error on group page for PostgreSQL
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Allow access to groups with public projects. (Jason Hollingsworth, 2014-02-20, 1 file, -2/+14)
      Fixed Group avatars to only display when user has read permissions to at least one project in the group.
* User can leave group from group page. (Ciro Santillli, 2014-02-12, 1 file, -0/+15)
|
* Fix Issues#bulk_update (Dmitriy Zaporozhets, 2014-02-10, 1 file, -0/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Allow developers to manage issue tracker (Dmitriy Zaporozhets, 2014-01-24, 1 file, -0/+1)
      Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Archiving old projects; archived projects aren't shown on dashboard (Steven Thonus, 2013-12-16, 1 file, -11/+26)
      features for archive projects abilities for archived project other abilities for archive projects only limit commits and merges for archived projects ability changed to prohibited actions on archived projects added spec and feature tests for archive projects changed search bar not to include archived projects
* Adding authenticated public mode (internal). (Jason Hollingsworth, 2013-11-26, 1 file, -4/+4)
      Added visibility_level icons to project view (rather than just text). Added public projects to search results. Added ability to restrict visibility levels standard users can set.
* Group ownership completely based on users_groups relation now (Dmitriy Zaporozhets, 2013-09-26, 1 file, -2/+2)
      Before we have only owner_id to determine group owner
      With multiple owners per group we should get rid of owner_id in group.
      So from now @group.owner will always be nil but @group.owners return an actual array of users who can admin this group
* Modify permissions for project and group (Dmitriy Zaporozhets, 2013-09-25, 1 file, -1/+1)
      * Hooks and team pages allowed only for masters/owners
      * Group page allowed for admin
      * Correct authentication for Projects controller
      * Hide some project elements from visitor
* Remove writing issues/notes from non-auth user abilities (Dmitriy Zaporozhets, 2013-09-24, 1 file, -1/+11)
|
* Allow non authenticated user access to public projects (Dmitriy Zaporozhets, 2013-09-24, 1 file, -11/+20)
|
* Fix 404 if Group guest visit empty group page (Dmitriy Zaporozhets, 2013-09-11, 1 file, -0/+4)
|
* Return empty abilities if user is blocked (Dmitriy Zaporozhets, 2013-08-27, 1 file, -0/+1)
|
* Use own abilities for namespace class (Dmitriy Zaporozhets, 2013-06-21, 1 file, -1/+15)
|
* Remove all team resources except models. Move models to deprecated directory (Dmitriy Zaporozhets, 2013-06-18, 1 file, -17/+0)
|
* Add UsersGroup relation to be respected by abilities and Project#team (Dmitriy Zaporozhets, 2013-06-18, 1 file, -0/+4)
|
* create UsersGroup entity. Modify ability to check group owners instead one owner (Dmitriy Zaporozhets, 2013-06-18, 1 file, -1/+1)
|
* Merge pull request #4206 from babatakao/authorize_all_teams_to_admin (Dmitriy Zaporozhets, 2013-06-06, 1 file, -1/+1)
|\
      Authorize all teams to admin: fix 500 error on showing team page.
| * Authorize all teams to admin: fix 500 error on showing team page. (babatakao, 2013-06-05, 1 file, -1/+1)
| |     500 error occurred in the following steps:
| |     1. user1 creates new team "team1".
| |     2. Assign team1 to project1.
| |     3. Sign in as admin. This admin is not a member of team1.
| |     4. Open project1 team setting page (/project1/team).
| |     5. Click "team1" link in "Assigned teams" area.
| |     6. 500 error.
| |     Fixed this issue.
* | Allow forking of public projects by authenticated users. Fixes #4152 (Dmitriy Zaporozhets, 2013-06-06, 1 file, -1/+22)
|/
* Fixed ability and modify UI a bit (Dmitriy Zaporozhets, 2013-06-04, 1 file, -1/+1)
|
* Merge branch 'gist' of https://github.com/Andrew8xx8/gitlabhq into Andrew8xx8-gist (Dmitriy Zaporozhets, 2013-06-04, 1 file, -7/+7)
|\
      Conflicts:
        Gemfile.lock
        app/models/ability.rb
        app/models/project.rb
        app/views/snippets/_form.html.haml
        db/schema.rb
        features/steps/shared/paths.rb
        spec/factories.rb
        spec/models/project_spec.rb
| * Tests fixed (Andrew8xx8, 2013-03-25, 1 file, -4/+4)
| |
| * Personal snippets controller refactored (Andrew8xx8, 2013-03-25, 1 file, -3/+2)
| |
| * Snippets feature refactored. Tests now use spinach (Andrew8xx8, 2013-03-24, 1 file, -1/+2)
| |
* | Don't show fork button in personal projects. Point to fork if already forked project (Dmitriy Zaporozhets, 2013-05-08, 1 file, -1/+0)
| |
* | Merge pull request #3801 from holdtotherod/feature/internally-public-projects (Dmitriy Zaporozhets, 2013-05-03, 1 file, -1/+1)
|\ \
      Internally public projects